System and Method for Storage Operation Access Security

1. A method for execution by at least one processor to manage users in a data management system, wherein the data management system manages secondary copies of data files, the method comprising: adding a user of the data management system to a previously created group within the data management system, wherein the group associates one or more users with at least one access right for performing storage operations; receiving a request from the user to perform a storage operation, wherein the storage operation is to create a secondary copy of a production data file; causing a security system to be queried to determine access rights of the user, wherein the access rights relate to the user's rights to access the production data file, and, causing the requested storage operation to be performed when the access rights permit the user to request the requested storage operation, wherein the secondary copy is used to restore production data from the production file from which the secondary copy is created; wherein causing the security system to be queried to determine the access rights includes determining one or more computers through which the user has access, wherein the access rights permit the data management system to perform the requested storage operation if the production data file is associated with one of the determined one or more computers; wherein adding the user to the created group within the data management system includes associating the created group with the user in the security system; and wherein the at least one access right for performing storage operations determines which data a user within the group can access.

2. The method of claim 1 wherein a user of the data management system who does not have privileges to create new users within the data management system adds the user to the created group within the data management system, and wherein the secondary storage device is external from and remote to the primary storage.

3. The method of claim 1 , further comprising querying the security system to determine an email address associated with the user.

4. The method of claim 1 wherein the user is a security group that contains multiple users and wherein adding an identified at least one user adds all of the users within the group.

5. The method of claim 1 wherein an administrator of the data management system does not have access rights to create new users within the data management system.

6. The method of claim 1 wherein an administrator of the data management system does not have access rights to create new users within the security system.

7. The method of claim 1 , further including querying the security system to determine an email address associated with the user such that the email address can be used by the data management system to provide an email update to the user regarding the status of a storage operation.

8. The method of claim 1 wherein adding the identified at least one user to the created group within the data management system comprises storing a reference within the created group to a record associated with the user in the security system.

9. A non-transitory computer-readable medium having instructions for a method of managing users in a data management system that is configured to manage secondary copies of data files, if the instructions are executed by a processor in the data management system, the instructions cause the processor to perform the method, comprising: adding a user of the data management system to a previously created group within the data management system, wherein the group associates one or more users with at least one access right for performing storage operations; receiving a request from the user to perform a storage operation, wherein the storage operation is to create a secondary copy of a production data file; causing a security system to be queried to determine access rights of the user, wherein the access rights relate to the user's rights to access the production data file, and, causing the requested storage operation to be performed when the access rights permit the user to request the requested storage operation, wherein the secondary copy is used to restore production data from the production file from which the secondary copy is created; wherein causing the security system to be queried to determine the access rights includes determining one or more computers through which the user has access, wherein the access rights permit the data management system to perform the requested storage operation if the production data file is associated with one of the determined one or more computers; wherein adding the user to the created group within the data management system includes associating the created group with the user in the security system; and wherein the at least one access right for performing storage operations determines which data a user within the group can access.

10. The computer-readable medium of claim 9 wherein a user of the data management system who does not have privileges to create new users within the data management system adds the user to the created group within the data management system.

11. The computer-readable medium of claim 9 , wherein the method further comprises querying the security system to determine an email address associated with the user.

12. The computer-readable medium of claim 9 wherein the user is a security group that contains multiple users and wherein adding an identified at least one user adds all of the users within the group.

13. The computer-readable medium of claim 9 wherein an administrator of the data management system does not have access rights to create new users within the data management system.

14. The computer-readable medium of claim 9 wherein an administrator of the data management system does not have access rights to create new users within the security system.

15. A system for managing users in a data management system that is configured to manage secondary copies of data files, the system comprising: means for adding a user of the data management system to a previously created group within the data management system, wherein the group associates one or more users with at least one access right for performing storage operations; means for receiving a request from the user to perform a storage operation, wherein the storage operation is to create a secondary copy of a production data file; means for causing a security system to be queried to determine access rights of the user, wherein the access rights relate to the user's rights to access the production data file, and, means for causing the requested storage operation to be performed when the access rights permit the user to request the requested storage operation, wherein the secondary copy is used to restore production data from the production file from which the secondary copy is created; wherein the means for causing the security system to be queried to determine the access rights includes means for determining one or more computers through which the user has access, wherein the access rights permit the data management system to perform the requested storage operation if the production data file is associated with one of the determined one or more computers; wherein means for adding the user to the created group within the data management system includes means for associating the created group with the user in the security system; and wherein the at least one access right for performing storage operations determines which data a user within the group can access.

16. The system of claim 15 wherein a user of the data management system who does not have privileges to create new users within the data management system adds the user to the created group within the data management system.

17. The system of claim 15 further comprising means for querying the security system to determine an email address associated with the user.

18. The system of claim 15 wherein the user is a security group that contains multiple users and wherein adding an identified at least one user adds all of the users within the group.